This module exploits a configuration issue that exists in WebKit's use of libxslt. Arbitrary files can be created with the privileges of the user, which may lead to arbitrary code execution. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will strategically place a file in the victim's OS so an agent will be deployed when Terminal is executed.
This module exploits an error in Apple Safari when handling parent windows, which allows the execution of arbitrary code when the user closes the popup windows. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability exists within the QuickTimeVR.qtx component when processing a QTVRStringAtom having an overly large "stringLength" parameter. This can be exploited to cause a based buffer overflow and execute arbitrary code under the context of the user running the application. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability exists within the way Quicktime handles the PnSize PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value, this is later used as the size parameter for a memory copy function that copies from the file onto the stack. The results in a stack based buffer overflow that allows for remote code execution under the context of the current user.
A buffer overflow in the Apple QuickTime plugin allows remote attackers to execute arbitrary code via a specially crafted MIME type. This module runs a web server waiting for vulnerable clients (Safari 5.7.1) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Subscribe to Impact